Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Do you mean you turn off IPv6, because it's easy for others to get lots of IPs and bypass a IP blacklist?

If so, that is a difference from IPv4. Don't block IPs, block subnets. Block the whole /64. It's what you were doing with IPv4 anyway - blocking a whole building / office / etc at once!

That's still no reason to turn IPv6 off in my humble opinion...



IPv6 ratelimiting can be a bit tricky, you block my /64 and I come back with a /48 and so on.

Most stuff defaults to bucketing by /64s.


Right, but how does this differ from IPv4? Every time I restart my cable modem, I get a new IP from a /18 or so of IPv4 space.

IP blocking is far from ideal, in both versions of IP.. IPv6 makes this no better, or worse.


You get a single IP, that doesn’t scale well at all.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: